/alcasar.sh |
---|
999,13 → 999,16 |
echo "cache_mem 256 MB" >> /etc/squid/squid.conf |
echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf |
echo "maximum_object_size 4096 KB" >> /etc/squid/squid.conf |
# anonymisation de la version de squid |
# anonymisation of squid version |
echo "via off" >> /etc/squid/squid.conf |
# suppression de la primitive http 'X_forwarded' |
# remove the 'X_forwarded' http option |
echo "forwarded_for delete" >> /etc/squid/squid.conf |
# pour éviter les message d'erreur lors des changement d'état des interfaces réseaux |
# linked squid output in HAVP input |
echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf |
echo "never_direct allow all" >> /etc/squid/squid.conf |
# avoid error messages on network interfaces state changes |
$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid |
# Initialisation du cache de Squid |
# Squid cache init |
/usr/sbin/squid -z |
} # End of param_squid () |
1024,8 → 1027,8 |
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf |
# on limite l'écoute de Dansguardian côté LAN |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf |
# on chaîne Dansguardian au proxy antivirus HAVP |
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf |
# on chaîne Dansguardian au proxy cache SQUID |
$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf |
# on remplace la page d'interception (template) |
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/ |
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html |
1077,13 → 1080,13 |
# configuration d'HAVP |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config # datas come from DG |
$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config # datas are send to squid (3128) |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files |
# remplacement du fichier d'initialisation |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default |
cp -f $DIR_CONF/havp-init /etc/init.d/havp |
/scripts/alcasar-urpmi.sh |
---|
11,17 → 11,20 |
VERSION="2010.2" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux cronie-anacron pciutils clamav pm-fallback-policy " |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats cdrecord buffer vim-enhanced bind-utils arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux cronie-anacron pciutils clamav pm-fallback-policy " |
rpm_repository_sync () |
{ |
echo ${!MIRRORLIST} |
urpmi.removemedia -a |
urpmi.addmedia --wget --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release |
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates |
urpmi.addmedia --wget --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release |
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates |
cat <<EOF > /etc/urpmi/urpmi.cfg |
{ |
downloader: wget |
} |
EOF |
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release |
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates |
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release |
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates |
} |
rpm_error () |
{ |
107,7 → 110,7 |
echo "Updated RPM download. Please wait ..." |
echo "Il est temps d'aller prendre un café :-) " |
echo "You should now take a Beer ;-) " |
urpmi --downloader wget --auto --auto-update --quiet --test --retry 2 |
urpmi --auto --auto-update --quiet --test --retry 2 |
if [ "$?" != "0" ] |
then |
echo |
131,7 → 134,7 |
# Download of ALCASAR specifics RPM in cache (and test) |
echo "Récupération des paquetages complémentaires. Veuillez patienter ..." |
echo "Download of complementary packages. Please wait ..." |
urpmi --downloader wget --auto $PACKAGES --quiet --test --retry 2 |
urpmi --auto $PACKAGES --quiet --test --retry 2 |
if [ "$?" != "0" ] |
then |
echo |
/scripts/sbin/alcasar-havp.sh |
---|
2,7 → 2,7 |
# $Id$ |
# alcasar-havp.sh |
# by Richard REY |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Activation / désactivation antivirus de flux WEB (Havp + LibClamav) |
11,15 → 11,17 |
CONF_FILE="/usr/local/etc/alcasar.conf" |
SED="/bin/sed -i" |
function av_disable (){ |
$SED "s/^proxyport =.*/proxyport = 3128/g" /etc/dansguardian/dansguardian.conf |
$SED "s/^cache_peer.*/#cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf |
$SED "s/^never_direct.*/#never_direct allow all/g" /etc/squid/squid.conf |
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=off/g" /usr/local/etc/alcasar.conf |
service dansguardian reload |
service squid reload |
service havp stop |
} |
function av_enable (){ |
$SED "s/^proxyport =.*/proxyport = 8090/g" /etc/dansguardian/dansguardian.conf |
$SED "s/^#cache_peer.*/cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf |
$SED "s/^#never_direct.*/never_direct allow all/g" /etc/squid/squid.conf |
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=on/g" /usr/local/etc/alcasar.conf |
service dansguardian reload |
service squid reload |
service havp start |
} |
usage="Usage: alcasar-havp.sh {--on or -on} | {--off or -off} | {--update or -update}" |
27,7 → 29,7 |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
AV_FILTERING=`grep WEB_ANTIVIRUS $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
AV_FILTERING=`grep WEB_ANTIVIRUS $CONF_FILE|cut -d"=" -f2` # WEB-antivir (on/off) |
AV_FILTERING=${AV_FILTERING:=on} |
echo "Set antivirus Filtering to $AV_FILTERING" |
if [ $AV_FILTERING = on ]; then |
/web/acc/phpsysinfo/includes/xml/portail.php |
---|
117,7 → 117,7 |
if (filtrageTest("/etc/dansguardian/dansguardian.conf","/^reportinglevel = 3/")){ |
$web_filter_status = $text['enable'];} |
else { $web_filter_status = $text['disable'];} |
if (filtrageTest("/etc/dansguardian/dansguardian.conf","/^proxyport = 8090/")){ |
if (filtrageTest("/usr/local/etc/alcasar.conf","/^WEB_ANTIVIRUS=on/")){ |
$web_antivir_status = $text['enable'];} |
else { $web_antivir_status = $text['disable'];} |
if ((filtrageTest("/var/www/html/index.php","/network_pb = False/")) && (internetTest($INSTALLEDVERSION))){ |